On 08.02.2015, Matthias Schniedermeyer wrote:
> > You need something to compare the passphrase to, and that's the hash.
> > How would you check the validity of the entered passphrase otherwise?
> > A plain text comparison is obviously impossible.
> With Plain the password can't be verified, the dm-crypt device is setup
> and if the password was wrong, the "decrypted" device contains garbage.
> Containers usually have a means to test if the password is correct,
> plain does not.
I tried to keep it simple in my example. Although you're (of course) right, I
didn't write about "plain encryption" or "plain dmcrypt", but plain text
comparison, in order to explain why there is the need for e.g. a hash.
As you point out, with plain dmcrypt the only possibility is actually
using the password and checking if the "decrypted" data based on it makes any sense.